Creating a PCI Compliant PostgreSQL Cluster
The PCI compliance standards relate to the security of user data and transactional information. Customers who require their application to be PCI compliant, or would like to take advantage of its additional security features, can choose to create a PCI compliant PostgreSQL Cluster. You can read more about PCI and our support for it here.
Note: Enabling PCI causes extra logging to occur, for example, to track connections and disconnections from any user. It also activates some OS level security features. Both of these end up having an impact on the performance of the cluster. This should be insignificant in most cases; however, it is recommended you test the performance of your cluster in a non-production environment to ensure any impacts from enabling PCI are acceptable.
Table of Contents
Enable PCI Compliant account security settings
Before Creating an PCI cluster, we need to enable PCI compliance on the account. Navigate to Account Settings under the Settings Cog in the top right of Console. Then select the Security tab.
Select the checkbox under PCI Compliance to make your account PCI compliant. This allows you to access the requirements for using PCI with a cluster.
Note that PCI compliance relies on multi-user access, so we require having 2 account owners in case of loss of access for one person. This satisfies the first section of the PCI requirements.
Creating a cluster
You can continue with the Console Interface to provision a PCI compliant cluster or alternatively you can use the Instaclustr Provisioning API.
Navigate to the Create Cluster wizard and create a cluster according to your requirements but be sure to enable the PCI Compliance Mode checkbox under Enterprise features. You can refer to our support article on Creating a PostgreSQL Cluster for more information.
Currently, PCI compliance mode for PostgreSQL is only available for Amazon Web Services or Google Cloud Platform as the infrastructure provider.
Transitioning an existing cluster
If you are looking to transition an existing cluster to a PCI compliant cluster, or have additional questions around our PCI compliant clusters, please contact our support team at [email protected].
